chapter 7 revision history - energy.gov · chapter 7-1 chapter 7 surveys and reviews this chapter...
Chapter 7 Revision History:
Date        Description
6/3/15      Pg. 7-1, Line 6, added text
            Pg. 701-1, Line 8, added text
            Pg. 701-1, Line 10, removed last sentence
            Pg. 701-1, Line 31, removed #5
            Pg. 701-1, Line 38, changed date
            Pg. 701-2, Line 3, added/deleted text
            Pg. 701-2, Line 9, reworded first sentence
            Pg. 701-2, Line 19, added text
            Pg. 701-3, Line 3, added text
            Pg. 701-3, Line 18, removed last two bullets
            Pg. 701-4, Line 12, reworded all three bullets
            Pg. 702-1, Line 13, added new sentence
            Pg. 702-1, Line 27, deleted text
            Pg. 702-1, Line 29, added new sentence
            Pg. 702-1, Line 40, deleted text
            Pg. 702-2, Line 23, deleted text
            Pg. 702-2, Line 35, removed line item #3
            Pg. 702-3, Line 5, reworded first sentence
11/28/16    Pg. 701-2, Line 14, added ‘Termination’
            Pg. 701-2, Line 17, added ‘A summary of’
            Pg. 701-2, Line 26-29, added ‘Introduction’ and description
            Pg. 701-3, Line 29, swapped ‘surveys’ and ‘reviews’ for clarity
            Pg. 701-5, Line 5, replaced ‘examined’ with ‘addressed’ for clarity
            Pg. 701-5, Line 16-17, updated reference to the Technical Standard
            Pg. 701-6, Line 8-9, updated position title
            Pg. 701-6, Line 10-12, updated section to reflect order
            Pg. 701-7, Line 5, updated to reflect order
            Pg. 701-7, Line 17-20, updated to reflect order
            Pg. 702-2, Line 31-33, updated to reflect new process outlined in HQ Survey SOP
4/16/18     Added the root cause analysis tool
1/8/19      Revised entire document
Chapter 7 Surveys and Reviews
This chapter describes the programs and procedures adopted by DOE HQ to implement the requirements
of DOE Order 470.4B, Chg-2, Safeguards and Security Program, Appendix A, Section 2, Survey,
Review, and Self-Assessment Programs.
The Survey and Review Programs provide assurance to the Secretary of Energy, Departmental
elements, and OGAs that safeguards and security (S&S) interests and activities are protected at the
required levels. These programs also provide a basis for line management to make decisions
regarding S&S program activities, including allocation of resources, acceptance of risk, and
mitigation of vulnerabilities. The results of these reviews provide a compliance and performance-
based documented evaluation of the S&S program. In addition, these reviews identify S&S program
strengths and weaknesses, develop and complete a process improvement schedule, and use the
results to correct and improve the overall S&S program. The survey and self-assessment reports
provide documentation of oversight and assessment activities.
Section 701 describes the types of surveys and reviews conducted at DOE HQ, the contents of
associated reports, and the rating system in use.
Section 702 describes the procedures for developing Corrective Action Plans, tracking them to
completion, and obtaining validation of closure.
Section 703 describes the ancillary assessment activities provided by the Survey Team.
Section 704 describes the risk analysis-based scheduling process for developing the survey schedule.
Section 701 Surveys and Reviews
This section describes the programs and procedures in effect at Department of Energy (DOE)
Headquarters (HQ) to conduct Safeguards and Security (S&S) surveys and reviews. These activities are
conducted to assure the Secretary of Energy, Departmental elements, and other government agencies
(OGAs) that S&S interests are being protected at the required level.
The Office of Information Security (AU-42) is responsible for the conduct of all surveys and reviews of
HQ facilities and for conducting an annual survey of overall HQ security operations.
PURPOSE
This chapter will describe the responsibilities and procedures used by the United States DOE HQ,
Associate Under Secretary for the Office of Environment, Health, Safety and Security (AU), Office of
Headquarters Security Operations (AU-40), and Office of Information Security (AU-42). This chapter
will assist the HQ Survey Team (Team) in the administration, planning, conduct, and documentation of
the Safeguards and Security (S&S) Survey Program and other assigned duties, roles, and responsibilities.
The AU-40 Director is assigned as the Officially Designated Federal Security Authority (ODFSA) and the
Cognizant Security Authority for DOE HQ and is responsible for oversight of the DOE HQ Survey
Program. The AU-42 Director is assigned as the Officially Designated Security Authority (ODSA).
Federal Oversight may also use data developed during the annual survey as part of the contractor
assurance system required by DOE O 226.1B Implementation of Department of Energy Oversight Policy
(DOE O 470.4B Chg.2 App.A, Sect. 2. 5).
SURVEY METHODOLOGY
AU-40 will plan, conduct and follow-up on surveys and special reviews under its purview in accordance
with DOE Order 470.4B, Change 2, Safeguards and Security Program. Since the Order provides limited
technical guidance for this Program, other available sources of guidance include DOE Order 414.1D,
Change 1, Quality Assurance, DOE Guide 414.1-1C, Management and Independent Assessments Guide,
the DOE S&S Survey and Self-Assessment Planning, Conduct, and Reporting Technical Standard, DOE-
STD-1271-2016, Appendix B, Survey Prep and Report Checklist, and materials provided by the DOE
National Training Center (NTC). The Team will develop an annual schedule to cover the projected
activities for the Fiscal Year (DOE O 470.4B Chg.2 App. A, Sect. 2. 5.a & 6.b). There may be occasions
when AU-40 will need to adjust the survey schedule.
AU-42 staff members, supervised by the Federal oversight of the AU-42 Director, conduct surveys and
special reviews. Surveys and special reviews are conducted to confirm that a Federal or contractor
facility meets all security requirements appropriate to the activities conducted at that facility. Survey
reports inform Federal line management of the effectiveness of the facility’s security program, identify
any issues or concerns with the security program so they can be addressed and corrected, and allow both
contractor and Federal managers to manage risks.
The AU-42 HQ Survey Team can perform the three types of surveys described in DOE Order 470.4B,
Change 2, Appendix A, Section 2, Survey, Review, and Self-Assessment Programs.
• S&S Initial Surveys (SSISs) are required as one of the conditions for granting a facility clearance
(FCL). An SSIS is conducted to determine whether the facility in question meets established
standards for the protection of the security interests and activities covered by the FCL. The SSIS
will be completed not more than six months prior to the granting of the FCL (DOE O 470.4B
Chg.2 App. A, Sect. 2. 5.b & 6.a).
• S&S Periodic Surveys (SSPSs) are conducted for facilities with an approved FCL to ensure the
satisfactory protection and control of DOE interests. The Survey Team conducts annual surveys
for cleared possessing facilities (DOE O 470.4B Chg.2 App. A, Sect. 2. 6.b).
• S&S Termination Surveys (SSTSs) are conducted to confirm that all S&S activities have been
terminated or awarded to another contractor, that access authorizations have been properly
terminated or dispositioned, and/or that no DOE property, classified information or matter
remains within the facility (DOE O 470.4B Chg.2 App. A, Sect. 2. 5.b & 6.c). An SSTS is
conducted prior to the termination and removal of the listed security interest(s) being tracked in
the DOE Safeguards and Security Information Management System (SSIMS).
Although no longer referenced in the DOE Order, occasionally Special Surveys (SPECs) or special
reviews may be conducted as directed by the AU-40 Director, or other line management.
Self-Assessments
• DOE Order Self-Assessment definition and requirements
o Self-Assessments (SAs) are defined as an internal integrated evaluation of all applicable S&S
topical areas at a contractor facility or site (DOE O 470.4B Chg.2 App. A, Sect. 2. 5.g).
Contractor security personnel conduct it at intervals consistent with risk management
principles to determine the overall status of the S&S program at that location to verify that
S&S objectives are met (DOE O 470.4B Chg.2 App. A, Sect. 2. 5.c, 5.e, & 7). The DOE
cognizant security office may direct a specific SA interval and may direct that SA reports be
provided to DOE.
o SAs are conducted by contractors at their facilities to ensure that at any point the facility is in
compliance with all security requirements appropriate to the activities, information, and
conditions at the location. Under the DOE Order, during a fiscal year, Federal facilities are not
required to conduct SAs in addition to HQ surveys (DOE O 470.4B Chg.2 App. A, Sect. 2.
7).
Master Survey Schedule
• The annual Master Survey Schedule, prepared and maintained by the HQ Survey Team and
approved by the AU-40 Director, identifies the Team’s yearly agenda conducted in accordance
with the frequency requirements identified in DOE Order 470.4B, Change 2, and other reference
material as listed.
o The National Industrial Security Program specifies that surveys of contractor facilities will be
conducted not more than once every 12 months unless special circumstances exist.
o Regulation 32 CFR Part 2001.60 establishes a requirement for an annual survey specifically
for the assessment of activities related to classified information.
Risk Analysis
• Using the risk analysis-based scheduling process (Attachment 704-1), the Team identifies topics,
subtopics, and elements of emphasis during the review. The HQ Survey Team will evaluate all
topical areas identified on the modified DOE Form 470.8, Survey/Inspection Report Form
(Attachment 701-1); review of sub-topical areas will reflect the chapters contained within the
orders. The scope of the review will depend on the facility’s potential target characteristics,
threat assessment data, security interests housed at the facility, and ratings of the previous
survey(s) (DOE O 470.4B Chg.2 App. A, Sect. 2. 5.g). The Team will also use past
surveys/inspections, incidents, infractions, findings and results of SAs to identify areas of special
emphasis (DOE O 470.4B Chg.2 App. A, Sect. 2. 9.a). The scope of these activities and the
methods used must include those listed below:
o Compliance: Compliance reflects the status of the S&S Program as measured against
implementation of applicable Federal statutes, National Standards, regulations, policies, Site
Security Plans, and other approved security plans.
o Performance: Performance indicates the degree to which the elements of the S&S Program
meet protection objectives based on the operational and/or effectiveness testing of program
elements.
o Comprehensiveness: Comprehensiveness identifies the breadth of protection afforded all
activities and interests within a facility. This is accomplished through an evaluation of the
adequacy and effectiveness of programs and a thorough examination of the implementation
of policies, practices and procedures to ensure compliance and performance.
o Other: The DOE Cognizant Security Office, DOE management, and/or the Director of AU-40
determines the scope of initial, periodic, or termination surveys or special reviews.
Determinations of survey scope are predicated on the nature or status of operations at the
facility, and the activity or element being surveyed. These surveys and reviews may not
cover all topical areas listed on DOE Form 470.8.
SURVEY PHILOSOPHY
The Team will conduct the AU-40 Survey Program in a positive and productive manner. The Team will
communicate any weaknesses identified during a survey in a constructive fashion with the intent that the
survey results will be used to further strengthen the HQ Security Program. Positive communication
between the reviewers and those reviewed is critical. Reviewers will make every effort to assist
organizations in correcting weaknesses. When an assessor cannot provide the necessary expertise to
resolve a specific issue, he or she may assist the organization by putting them in contact with an
appropriate subject-matter expert (SME).
SURVEY SCOPE
The scope of a survey and the methods used in the conduct will address compliance, performance and
comprehensiveness. The Team will define the anticipated timelines for the conduct of each topical/sub-
topical survey prior to the commencement of the survey activities and document this information in the
survey plan or data call request. The Team will assess the topical and sub-topical area individually during
a predetermined block of time based on the overall importance and applicability to all HQ elements.
CHAPTER APPLICABILITY
This chapter provides guidance to personnel involved in the planning, conduct and participation in the
DOE HQ Survey Program and describes the methodology used to evaluate and document facility
performance and compliance as they relate to S&S requirements and standards. Other roles and
responsibilities are also identified in this chapter to provide guidance to complete the assigned survey
tasks.
SURVEY RESPONSIBILITIES
DIRECTOR, OFFICE OF INFORMATION SECURITY (AU-42), or designee
• Reviews and submits the Annual Master Survey Schedule to AU-40 for approval.
• Assigns a PAP Program Manager from the AU-42 Survey Team.
• Assigns a Survey Program Manager from the AU-42 Survey Team.
• Reviews and approves this chapter.
SURVEY PROGRAM MANAGER, or designee
• Manages the Survey Program for AU-40.
• Prepares and maintains an Annual Master Survey Schedule.
• Is a Certified Quality Auditor (CQA) with the American Society for Quality (ASQ) and
is responsible for adhering to the ASQ Code of Ethics.
• Appoints Survey Team members for each evaluation. The selections must achieve a balance of
technical knowledge, experience, writing ability, survey experience, survey ability, and
availability. Employees who are technical area specialists may augment the AU-42 staff and
could include direct support contractors, other AU-40 employees, other HQ organization
employees, or other site employees.
• Ensures the Survey Team conducts security surveys of facilities under the cognizant authority of
AU-40 in a timely manner.
• Conducts Survey in-briefings, daily management meetings and close-out briefings.
• May enter and maintain survey data in SSIMS, following the procedural requirements for SSIMS
entry.
• Ensures Initial Surveys are conducted for all new facilities with a security interest prior to
granting facility approval.
• Ensures Termination Surveys are conducted for all facilities that no longer have a security
interest.
• Ensures the importance rating for approved facilities is updated as necessary.
• Assigns the HQ Survey Team Lead responsibilities to the appropriate Survey Team member.
• Consolidates all staffing resource requirements, to include such items as overtime requirements
for Federal staff, requests for assistance from other AU-40 Program Managers or other HQ
organizations, typing and editing support, and contractor support. Presents the consolidated
schedule, staffing requirements, and scope of the survey to the AU-42 Director.
• Ensures that all necessary logistical arrangements are made, including the availability of adequate
workstations, classified computers, security containers, and authorized derivative classifiers as
deemed necessary. Also coordinates with appropriate organizations for the proper access control,
site-specific training requirements, and issuance of safety equipment.
• May prepare the data call letter with input from the Topic Area Leads and forward that letter to
the organization(s) to be surveyed or assessed at least 30 days prior to the beginning of the
survey.
• May conduct daily meetings with the Topic Area Leads and with the appropriate management of
the organization(s) being surveyed to keep them informed of concerns resulting from the day’s
data collection activities.
• Reviews Topic Area Survey Reports.
• Provides guidance to Topic Area Leads and Survey Team members as necessary.
• Provides guidance to HSOs or contractor FSOs in the preparation of CAPs for findings issued to
their organization.
• Maintains reports in accordance with DOE requirements (470.4B Chg.2 App. A, Sect. 2. 10).
HQ SURVEY TEAM LEAD AND/OR TOPIC AREA LEADS (as assigned)
• Project Leads are CQAs through the ASQ and are responsible for adhering to the ASQ Code of Ethics.
• Are responsible for the activities of Survey Team members assigned to their Topic Area.
• Are responsible for meeting all deliverable deadlines in a timely manner.
• Provide Topic Area Lines of Inquiry (LOIs) for their areas to the HQ Survey Team Lead or
Survey Program Manager. The Survey Lead or Survey Program Manager will review and
approve the Topic Area LOIs.
• Are responsible for ensuring that Survey Team members integrate and coordinate their activities
with other topic area teams as appropriate.
• May conduct daily meetings with their Survey Team members on data collection activities and
concerns.
• Brief the HQ Survey Team Lead or Survey Program Manager on data collection activities and
concerns.
• Ensure notes are reviewed for classification and appropriately marked, and then submit them to the
HQ Survey Team Lead or Survey Program Manager.
• Provide the consolidated Topic Area Report, including the suggested ratings and accurate
reference citations, to the HQ Survey Team Lead or Survey Program Manager.
• Incorporate changes to the Topic Area Report as required by the Survey Program Manager.
• Ensure that all notes, working papers, and other data collection materials are collected from
Survey Team Members for retention.
SURVEY TEAM MEMBERS
• Keep Topic Area Leads, Team Lead, or Survey Program Manager informed of data collection
activities and concerns.
• Keep notes in sufficient detail for briefing and report development utilizing the LOI workbooks.
• Meet deadlines for all deliverables.
• Prepare their portion of the final report in the proper format, including recommended ratings and
findings.
• Provide accurate reference citations for all findings to ensure that the finding is consistent with
DOE Orders and other requirements.
• Write findings such that corrective actions can be completed.
• Process classified information only on accredited computers.
• Will not discuss the status of the survey (or whether a concern will or will not be a finding) with
individuals not on the Team. The Survey Team Lead or Survey Program Manager will provide
the surveyed organization’s management a daily briefing on the status of activities and concerns.
• Develop, distribute, and process Line Item Review forms.
• Collect and process Walking The Spaces forms.
Requirements
The AU-40 Director has tasked AU-42 with implementing these procedures in a manner consistent with
DOE policy.
TOPICAL AREAS
The Team will conduct surveys by evaluating the following six topical areas identified on the modified
DOE Form 470.8.
• Program Management Operations
• Protective Force
• Physical Protection
• Information Security, including Classified Matter Protection and Control (CMPC)
• Personnel Security
• Unclassified Foreign Visits and Assignments
SURVEY PROGRAM SCHEDULE
The Team Program Manager, or designee, will oversee development of the annual HQ Survey Schedule
(DOE O 470.4B Chg.2 App. A, Sect. 2. 5.a). This annual schedule will cover October through September
of the following year. The schedule may include the survey of non-HQ facilities for which HQ holds
survey responsibility. The annual Master Survey Schedule identifies the activity, location, projected
date(s), and other information to assist the Team. The annual schedule is provided as a guide and is not
binding in details or events. Intensity of survey activities is risk based.
SURVEY PLANNING
Prior to conducting the survey, the Team will review the following:
• Any requirements that have changed since the last survey
• Previous survey and SA results to identify areas of concern and findings
• Trends from previous surveys as well as other reviews (i.e., root cause analysis tools)
• Relevant documents that may pertain to specific topical/sub-topical areas to include contracts,
collective bargaining agreements, and security plans
• Changes in Federal and contractor leadership
Prior to the scheduled start of a survey, the Team should notify the Heads of Elements and
Headquarters Security Officers (HSOs) responsible for areas/programs scheduled for review.
SURVEY PREPARATION
The Team will develop Lines of Inquiry (LOIs) for each topical area they will review. The Team will
use LOIs to aid in the development of a survey report. These notes will be retained as historical
documentation to explain and validate the survey results, until a new survey has been conducted.
[Included in the LOIs will be a qualitative scale of the level of compliance or non-compliance with the
requirement.] The Team will assign numbers to identify areas of greatest effect, either positively or
negatively, to the security environment assessed for use in future risk assessment survey planning.
DATA CALL
Prior to the commencement of an S&S Survey, the Team will request the assessed organization provide
records and documents for review. AU-42 will submit this request to the responsible organization prior to
the planned survey via official correspondence. Data submitted by the organization should arrive by the
date requested in the correspondence. The Team will use this documentation to conduct a review of the
organization’s S&S Program prior to their arrival, greatly reducing the operational impact and required
completion time.
SURVEY SCHEDULE
During the data call and review efforts, the Team may develop a schedule based on the lines of inquiry
and coordinate a schedule with the facility or site. This coordination will ensure the time used to conduct
the survey on site will be efficient and limit site impact. Attachment 701-3 provides a sample schedule
outlining survey activities to include time for scheduled breaks and survey team internal meetings.
SURVEY IN-BRIEF
Prior to initiating survey activities, the Team will coordinate an in-brief for the surveyed organization
with the organization’s HSO/Facility Security Officer (FSO). The HSO/FSO may invite any member of
their organization to be present for the in-brief. The purpose of the in-brief is to discuss the planned
activities (i.e., scope, performance testing, data call, personnel interviews, period subject to review, etc.)
and to initiate the survey activities. Additionally, the HSO/FSO must coordinate all survey activities
within their element ensuring Team members are provided access to necessary information and personnel.
If possible, during the survey or review process, the Team will provide daily status briefings to the
appropriate director and the organization’s management team.
CONDUCT
• The HQ Survey Program will evaluate the applicable S&S topical and sub-topical areas to
determine the overall status of the program. However, if time or other resources do not allow for
a complete program evaluation, the Team will focus on assessing the sub-topical areas from
previous assessments that obtained marginal or lower ratings, findings, corrective actions, other
unfavorable report issues, or sub-topics not reviewed during the previous survey.
• The Survey Team may select specific sub-topics for detailed reviews based on assessment results
at other sites, direction by AU-40, the AU-42 Director, and SME guidance.
• Team members will develop LOIs and performance tests, as appropriate, for their respective areas
and submit them to the HQ Team Lead for review and concurrence prior to the survey.
• The AU-42 Director, designee, and/or the HQ Team Lead may deviate from these guidelines
when circumstances dictate.
VALIDATION
During the course of a survey, the Team must validate results by methods including, but not limited to,
document reviews, performance testing, and interview analyses and observations. Validation of results is
defined as two independent sources of data confirming the Team’s assertions. This data can be in the
form of document information, interviews, observations, or testing results. Validation of results will be
included in the reports, specifically if an issue or noteworthy practice is identified.
SURVEY PERFORMANCE
• The Team verifies, by examination and evaluation of objective evidence, whether assessed topical
and sub-topical areas are compliant with DOE policies and procedures, and that implemented
systems effectively meet protection objectives.
• During the course of performing surveys, the Team will:
o Conduct survey activities in accordance with established protocols and Survey Philosophy;
o Immediately report any conflicts or difficulties with individual(s) being assessed to the Team
Lead and, if necessary, the AU-42 Director, or designee;
o Report any conditions requiring prompt corrective action to the element’s HSO/FSO, Team
Lead, and the AU-42 Director, or designee;
o Identify and document potential findings or issues including repetitive or programmatic non-
compliances;
o Appropriately record/document assessment results in a manner that facilitates expeditious
completion of the survey report;
o Conduct performance and cognitive tests in accordance with approved test plans;
o Avoid duplicating effort by using results from special reviews, previous conditions, etc. (as
available);
o Investigate a potential deficiency when observed;
o If evidence supports a significant non-compliance, perform a comprehensive review to
determine if a potential deficiency exists; and
o Recommend topical area/sub-topical area ratings in accordance with DOE directive
requirements based upon survey results.
NOTE: If the Team makes a determination that a security interest is at risk, the Team will cease
operations, make all necessary notifications and take necessary steps to safeguard and secure the security
interest.
DRAFT SURVEY REPORT
Each Team member will use DOE Order 470.4B, Change 2, Section 2, Survey, Review and Self-
Assessment Programs, as a guide when writing their report. The Team will provide their consolidated
draft report, to include suggested ratings, to the HQ Survey Team Lead, or designee. The Team Lead will
review the references cited for each finding to ensure they are correct and support the finding. The HQ
Survey Team Lead will submit draft reports to the Survey Program Manager, AU-42 Director, or
designee, for review and approval.
Peer review is a method for determining the accuracy and reliability of a document. As the Team drafts
the survey report, the entire Team should be reviewing its content to ensure that it accurately depicts
conditions in a fair and unbiased manner. If any portion of the draft does not completely satisfy these
conditions, the Team Members should continue to review and amend it until it satisfies each member.
The Team can also use peer review to improve performance during all phases of a survey.
Prior to submitting the report to the AU-42 Director or designee for approval, the Survey Team should
submit the draft to the organization surveyed. The organization should complete a factual accuracy
review to ensure the report reflects the information provided and the site assessed. Any conflicts should
be resolved between the Survey Program Manager and the site HSO/FSO.
REPORT CONTENT
The report should reflect the compliance and performance segments of the survey. Discussion of topical
areas in the report should follow the order of the topics identified in the modified DOE Form 470.8.
Reports should explain what the Team assessed, and what was found, observed, and determined.
Information presented in the report should focus on new or noteworthy information and discrepancies.
The report will identify, communicate, and document program strengths. Narrative used to capture
survey activities that are ‘skill of the craft’ should be minimal. ‘Skill of the craft’ is considered survey
activities conducted by DOE-trained and qualified personnel, including, but not limited to, document
review, interviews, and observations. Although testing may also be considered ‘skill of the craft’, tests are
infrequently conducted and the results should be noted. Initial surveys may be more detailed, capturing
information about the facility and security elements. However, when conducting subsequent periodic
surveys the repeating information presented in the report should be limited.
Initial/Periodic HQ reports are generated by sub-topic and will outline those elements. Survey Reports
should contain the following items, if applicable:
• A completed modified DOE Form 470.8 HQ.
• An “Executive Summary” containing:
  o A summary of the scope, period of coverage, duration and date of the exit briefing to management;
  o A brief synopsis of major strengths and weaknesses that impact the effectiveness of the topic;
  o The overall composite facility rating with supporting rationale; and
  o Reference to a list of findings identified during the survey.
• A “Topical” and “Sub-Topical” section with a narrative for all sections containing:
  o A description of the site’s implementation of the program element;
  o The scope of the evaluation;
  o A description of activities conducted;
  o The evaluation results and associated issues;
  o The identification of all findings, including new and previously identified open findings, regardless of source [e.g., Office of Enterprise Assessments (EA) and predecessor organizations, Inspector General (IG), Government Accountability Office (GAO)] and their current corrective action status; and
  o An analysis that provides a justification and rationale of the factors responsible for the rating (470.4B Chg.2 App. A, Sect. 2. 8).
• “Attachments” such as:
  o A listing of all noteworthy practices, observations, recommendations and findings, including new and previously identified open findings, regardless of source (e.g., EA, IG, GAO), and their current corrective action status.
RATINGS
Generally, ratings will be determined following the criteria established by DOE O 470.4B:
Rating Types
A “Satisfactory” rating indicates the element evaluated by the Team meets protection objectives
or provides reasonable assurance that protection objectives were being met at the time of the
survey.
A “Marginal” rating indicates the element evaluated by the Team partially meets protection
objectives or provides questionable assurance that protection objectives were being met at the
time of the survey.
An “Unsatisfactory” rating indicates the element evaluated by the Team does not meet protection
objectives or does not provide adequate assurance that protection objectives were being met at the
time of the survey.
Rating Determinations
At the conclusion of each topic/sub-topic of the HQ Annual Survey or following an individual survey, the
HQ Survey Team Lead should schedule a meeting with all Team Members to discuss and determine final
ratings. For each sub-topical block of the survey, the Topic Lead, and/or the SME as applicable, will
initially assign ratings prior to discussion at the team meeting. Once the Team reaches an agreement or
consensus, these initial ratings are assigned.
The Team must base any less-than-Satisfactory rating in a topical area on validated weaknesses in the
S&S system or deficiencies in performance. A topical area must not be rated Marginal in consecutive
survey periods; it will instead be assigned an Unsatisfactory rating unless one of the following
conditions applies:
• The current survey of the topical area results in a Satisfactory rating; or
• The previous survey that resulted in a Marginal rating identified different deficiencies and
reasons for the rating; or
• The deficiencies and reasons that were the basis for the previous Marginal rating were related to
the completion of a line item construction project or upgrade program. In that case, the assessed
organization must have implemented acceptable interim measures, physically validated pending
completion of the project, and the information must be documented in the survey report.
The surveyed organization will make the notifications and actions for response to less than Satisfactory
S&S Periodic and HQ Surveys composite ratings after the final approval and dissemination of the survey
report (reference DOE O 470.4B Chg. 2, App. A, Section 3.16, Final Survey Report).
CLOSE-OUT BRIEFING
The HQ Survey Team Lead, or designee, will make all logistical arrangements and conduct the close-out
briefing.
The Team should conduct a close-out briefing immediately after the survey of each topical area during the
HQ Annual Survey.
NOTEWORTHY PRACTICES, OBSERVATIONS, AND FINDINGS
As part of the survey report, the Team may come across processes or performance matters that the
surveyed organization needs to address in one manner or another. The description of the subject matter
should provide a clear understanding of what the Team observed, discovered, or validated.
Noteworthy Practices: A noteworthy practice is a condition, practice, or situation brought to
management’s attention for further review, with a view to expanding its implementation or
communicating it across the DOE complex.
Opportunity For Improvement (OFI): An opinion-based statement submitted by the survey team to
identify ways in which the safeguard and security element might be improved. An OFI can be linked to an
order requirement but, unlike a finding, does not identify a failure to meet the requirement.
Observation: An observation is a specific statement of fact determined through document review or
performance observation that indicates less than expected performance, but does not, by itself, rise to the
level of a finding. Observations are not validated and do not require formal evaluation and corrective
actions, but they should be evaluated for potential improvement actions and documented for trending
purposes.
The Team may discover concerns in areas other than the area surveyed. The Team member who
discovered the concern must ensure the responsible SME for the issue is aware of the concern(s)
discovered.
The Team will annotate observations in the report where appropriate. The HQ Survey Team
Lead, or designee, will present the observations during the close-out briefing. Observations
should be viewed as notable areas for improvement and should be evaluated thoroughly for
implementation into the local S&S program.
If the results of the survey identify an incident of security concern, it must be reported in
accordance with the HQFMSP, Chapter 11, Incidents of Security Concern.
For survey activities, each Team Member should document concerns that do not yet represent an
overall program deficiency. The Team should issue a finding if a concern can be validated and
has the potential to significantly impact the S&S Program or degrade the required protection
levels of S&S interests. When writing up a concern, the Team will take care that any
potentially classified information is appropriately protected.
Finding: A finding is a validated factual statement of identified issues and deficiencies (failure to meet a
documented legal, regulatory, performance, compliance, or other applicable requirement) in the S&S
Program at a facility, resulting from a survey. If left uncorrected, a finding has the potential to result in
near-term significant adverse consequences to the health, safety, or security of personnel or property, or
the achievement of the mission.
The Team will write all findings in a manner that will allow them to be corrected. The Survey
Program Manager will ensure all survey findings are entered into SSIMS (DOE O 470.4B Chg.2
App. A, Sect. 2. 9.b).
The Team will monitor all findings and the status of corrective actions until closed. The Survey
Program Manager will ensure the input of quarterly updates into SSIMS.
NOTE: The facility that conducted the SA should develop a local tracking system that is controlled by the
facility and track the finding deficiencies and corrective actions until closed. (DOE O 470.4B Chg.2 App.
A, Sec. 2. 9.c)
Identification and Documentation
During the Data Call and Data Collection phases of the Survey, the Team will query SSIMS and
obtain a listing of all open findings and findings that were validated as closed since the last
survey. As part of the survey process, each HQ Survey Team Lead should review the status of
each open finding. Team members must also validate that corrective actions taken to close
findings were adequate (DOE O 470.4B Chg.2 App. A, Sect. 2. 9.a). Team members should
review and validate submitted corrective action packages and appropriate forms during surveys to
ensure findings are closed in a timely manner (DOE O 470.4B Chg.2 App. A, Sect. 2. 9.c).
The Team will document each finding in the final survey report. The Team will be careful to
ensure finding language does not divulge classified information. If a finding may be classified,
the Team will use a classified workstation to draft the finding. Should a classified workstation
not be available, a classified finding may be handwritten and appropriately classified and marked
as a working paper by the SME responsible for the topical/sub-topical area. As soon as possible,
but not to exceed 180 days, a derivative classifier must review the document. The Team may
complete an electronic version when access to an accredited classified workstation becomes
available.
The Team will present finding information immediately upon discovery and during the
out-briefing. The Team and program office will discuss the finding information for factual accuracy
review. If both entities concur on the information, the Team will issue a finding.
Finally, the HQ Survey Team Lead will use the finding information to complete the final report
and enter the data into SSIMS. Corrective action plans (CAPs) should be submitted within 30
working days from the transmission date of the finding using the form provided by AU-40
(Attachments 702-1 and 702-2) (DOE O 470.4B Chg.2 App. A, Sect. 2. 5.j).
Finding filenames must follow the YYMMDD-HQ-Facility Code-Survey Type (SSPS or SSTS)-XX.X-00X
format. For filenames used to document findings during the HQ Annual Survey, the
finding date will be the last day of the specific topical area review or “block,” regardless of who
owns the issue.
If the finding is discovered during a survey, the finding number will be given a date
corresponding to the final day of the survey. If, during the course of the Annual HQ Survey or
other survey, the Team discovered a finding that is the responsibility of a Program Office other
than the one reviewed, notification will be made as soon as possible to the Program Office.
If the Team identified a significant deficiency during any survey activity revealing a vulnerability
in the Program Office’s S&S Program, the Team will immediately initiate the appropriate
notifications and recommend corrective actions. The Team will advise the Program Office
management to promptly identify and implement immediate compensatory actions to mitigate the
condition, provide a written report outlining established compensatory measures, and provide a
CAP (including costs and identifying funds) to eliminate the vulnerability or reduce risk to an
acceptable level as soon as possible. Team members will evaluate and validate the effectiveness
of the compensatory measures.
FINAL SURVEY REPORT
Each Topic Area Lead will provide a consolidated final topic report to the Survey Team Lead (if different
from the Survey Program Manager). The HQ Survey Team Lead will include the topic reports as part of
a final report submitted to the AU-40 Director through AU-42 for approval.
The Team will prepare and issue the final report as soon as possible after the final Close-Out Briefing. In
situations when the report cannot be completed and disseminated in a timely manner, the HQ Survey
Team Lead will notify the AU-40 Director, or designee. The AU-42 Director will continue to update the
OSHO Director, or designee, of the status of the late report until completed. Upon completion of the
report, the Team will distribute the report as appropriate.
If the Composite Rating for the facility being surveyed is Marginal, the AU-40 Director will
notify the AU Deputy Associate Under Secretary of the results within 15 working days of the
close-out briefing.
Notifications will include a statement identifying the vulnerability and rationale for the rating,
and
A description of the corrective actions/compensatory measures taken to date and a statement
acknowledging physical validation of the adequacy of items listed above.
If the survey results in a Composite Rating of Unsatisfactory, the AU-40 Director will coordinate with the
AU Deputy Associate Under Secretary, and with the Secretarial Offices within 24 hours, to:
Take action to suspend the activity and/or facility clearance pending remedial action, or
Provide the rationale for continuing critical operations to the AU Deputy Associate Under
Secretary and Secretarial Offices and provide the immediate interim corrective actions being
undertaken to mitigate identified risks or vulnerabilities.
REGISTERING SURVEYS/SELF-ASSESSMENTS INTO SSIMS
All final survey reports must have the completed and approved modified DOE Form 470.8,
Survey/Inspection Form, and findings entered into SSIMS. All surveys and SAs must provide ratings
for topic and sub-topic areas reviewed and designate an overall composite rating. The three ratings used
are Satisfactory, Marginal or Unsatisfactory. For SAs, only the modified DOE Form 470.8,
Survey/Inspection Form, will be entered into SSIMS, not the findings.
WORKING PAPERS
The Topic Area Lead will collect and compile all survey notes, working papers, background material, and
other relevant data and submit it to the HQ Survey Team Lead. The Team will retain this information
until the next survey is completed. The Survey Team will retain all records in accordance with DOE
directives and requirements (DOE O 470.4B Chg.2 App. A, Sect. 2. 10).
TRAINING
Employees with the primary duty as a Survey Team member must meet training requirements as outlined
below in order to be qualified to perform their duties and to be considered SMEs in S&S matters.
Prerequisites:
Basic Survey (NTC Course PHY – 128DE)
Basic Survey (NTC Course PHY – 130)
Required Training (to be completed within one year of employment):
Introduction to Classified Matter Protection and Control (CMPC) (NTC Course ISC-121DE)
Operations Security (OPSEC) Overview (NTC Course ISC-141DE)
Physical Protection Systems Overview (NTC Course PHY-100DE)
Classified Matter Protection and Control briefing (presented by DOE HQ AU-42)
Classified Document Control Station briefing (presented by DOE HQ AU-42)
Recommended Training and Certification (may complete during employment, as time permits):
Safeguards and Security Information Management System (SSIMS) Data Entry & Query course
(presented by DOE HQ AU-52)
E-mail Derivative Classifier (EDC) training (required prior to attending SSIMS class – presented
by Office of Classification (AU-61))
Classified Matter Protection and Control I (CMPC) (NTC Instructor Led Course ISC-221)
Operations Security (OPSEC) (NTC Instructor Led Course ISC-241)
Facility Security Officer Overview (NTC Course PHY-210DE)
Enterprise Mission Essential Task List (EMETL) Overview (NTC Course MIT-121DE)
Performance Testing of the Protective Force (NTC Instructor Led Course PHY-100)
Fundamentals of Performance Testing – Essential Elements (NTC Instructor Led Course VAP-335)
Survey of the Protective Force (NTC Instructor Led Course PFT-202)
Fundamentals of Performance Management (NTC Instructor Led Course DOE-130)
Introduction to DOE Personnel Security (NTC Course PER-100DE)
Survey of PERSEC (NTC Instructor Led Course PER-302)
Introduction to Physical Protection Systems (NTC Instructor Led Course PHY-100DB)
Physical Security Performance Testing of Systems (NTC Instructor Led Course PHY-200)
Intermediate Physical Protection Systems (NTC Instructor Led Course PHY-120)
Survey of Physical Security Systems (NTC Instructor Led Course PHY-202)
Legal Aspects of Inquiries (NTC Online Course ISC-202DE)
Conduct of Inquiries (NTC Instructor Led Course ISC-301)
Plain Language Writing (DOE HQ Instructor Led)
Basic Instructor Training (NTC Instructor Led Course MIT-111)
American Society for Quality Certified Quality Auditor
REQUIRED DATABASE ACCESS
Team members should have access to the following databases in order to assist with the Survey process.
SSIMS
Classified Local Area Network
AU-42 Survey Team Folder
Ancillary Assessment Database
Point of Contact
For the names and contact information for the positions identified in this section, call (301) 903-9990.
References
DOE Order 470.4B, Change 2, Safeguards and Security Program, Appendix A, Section 2, Survey,
Review, and Self-Assessment Programs
DOE Order 473.3A, Protection Program Operations
DOE Order 471.6, Change 2, Information Security
DOE Order 472.2, Change 1, Personnel Security
DOE Order 414.1D, Change 1, Quality Assurance
DOE Order 142.3A, Unclassified Foreign Visits & Assignments Program
DOE Order 226.1B, Implementation of Department of Energy Oversight Policy
DOE Order 206.2, Identity, Credential, and Access Management (ICAM)
DOE Guide 414.1-1C, Management and Independent Assessments Guide
Headquarters Site Security Plan
Headquarters Facility Master Security Plan
DOE F 470.8 HQ
(09/2018) Replaces DOE F470.8 (09-2012)
All Other Editions are Obsolete
ATTACHMENT 701-1
U.S. Department of Energy
MODIFIED SURVEY / INSPECTION REPORT FORM
1. Survey Type: Initial Periodic Special Termination EPR NPR EA
2. Report #:
3. Facility Name:
4. a. Facility Code:
b. RIS Code:
5. Survey Date(s):
6. a. Findings: Yes No
b. Findings Against Other Facilities:
7. Composite Rating:
8. Previous Survey Date(s):
9. Unresolved Findings: Yes No
10. Previous Rating: Satisfactory
11a. Surveying Office:
11b. Cognizant Security Office:
11c. Other Offices with Interests:
12. Ratings:
a) PROGRAM MANAGEMENT AND SUPPORT
S&S Program Planning
Security Plans
Security Conditions
Performance Assurance
Survey, Review, and Self-Assessment Programs
Facility Clearances and Registration of S&S Activities
Foreign Ownership, Control, or Influence Programs
S&S Awareness
Control of Classified Visits
S&S Training Program
Incident of Security Concern

b) PROTECTIVE FORCE
Management
Training
Administration
Security Officers
Security Police Officers Fixed Post
Security Police Officers I
Firearms Training
Firearms Operations
Firearms Qualification
Operational Assurance
Guidelines for Legal Authority/Fresh Pursuit and ROE
Performance Testing
Canine Program
Demonstrator and Protestor Plan
Workplace Violence and Active Shooter Plan

c) PERSONNEL SECURITY
General Requirements
Reciprocity
Personnel Security Quality and Training
Personnel Security Files
Adjudicative Considerations Related to Statutory Requirements and Departmental Requirements

d) PHYSICAL PROTECTION
Protection Planning
Security Area
Posting Notices
Locks and Keys
Maintenance
Barriers
Communications, Electrical Power and Lighting
Secure Storage
Intrusion Detection and Assessment Systems
Entry/Exit Screening
DOE Security Badge, Credential, and Shield Program

e) INFORMATION SECURITY
General Requirements
Handling and Protection
Foreign Government Information
Release or Disclosure of U.S. Classified Information to Foreign Governments
Disclosure and Release in Emergency Situations
Operations Security

f) UNCLASSIFIED FOREIGN VISITORS AND ASSIGNMENTS PROGRAM
Documentation
Lawful Immigration Status, Citizenship, and Identity
Security Plans
Indices Checks
Access Approval
Graded Approach
13. Report Prepared by:
Date:
14. Report Approved by:
Date:
15. Distribution:
16. General Comments:
SURVEYS: S = Satisfactory M = Marginal U = Unsatisfactory D = Does Not Apply NR = Not Rated (SPEC only)
INSPECTIONS: EP = Effective Performance NI = Needs Improvement SW = Significant Weakness D = Does Not Apply
ATTACHMENT 701-2
Survey Prep and Report Checklist
Survey Prep
Contact FSO/Site POC to establish date of assessment
Draft Data Call Memo
Forward Final Data Call Memo to Site
Review previous survey report
Review previous areas of Concerns/Findings
Review CAPs
Using previous information and data call develop Site Specific LOIs for Topical Areas
Request CPCI Listing from PerSec
Request Incident Reports from HQ Incidents of Security Concern Program Manager
Develop Survey Timeline/Forward Timeline for site approval
Coordinate interviews with site POC
Coordinate Performance Testing with site POC
Send site final LOIs
In-Brief presentation**
Conduct assessment activities
Out-Brief presentation**
Drafting Report/Review
Team Lead drafts initial report
Team Members review draft
Final draft review by all Team Members
Program Manager Review
Team lead reconciles Program Manager comments
Forward to AU-40 Admin for proofing and formatting
Contract FSO/AFSO review for factual accuracy comments (Program Managers for HQ
Survey)
Team reconciles Contract FSO/AFSO comments
Submit Report to AU-40 Admin for final correction and submission to AUCT for
approval
Input Findings into SSIMS **
Survey Report Cover Memo
Report Attachments
DOE Form 470.8 HQ Report Form
**= If applicable to the survey
ATTACHMENT 701-3
Sample Survey Schedule

Date: Tuesday, March 28, 2017
Time: 0800-0830
Event: In-Brief/Introductions
Location: TBD
Personnel: Survey Team Members; Federal Oversight; Contractor Management
Docs: Schedule

Date: Tuesday, March 28, 2017
Time: 0830-1130
Event: Review Program Management Operations (PMO)
• S&S Program/Planning
  o Resources and Budgeting
  o SSP
  o SECON**
  o DBT
• PAP
• Surveys and SA
  o SA Ratings
• Safeguard and Security Awareness
• Control of Classified Visits
• S&S Training Program
  o Development
• IOSC
• Review FDAR
Location: TBD
Personnel: Survey Team Members; Federal Oversight; Contractor Management

Lunch

Date: Tuesday, March 28, 2017
Time: 1300-1400
Event: Continue PMO Review
Location: TBD

Date: Tuesday, March 28, 2017
Time: 1400-1600
Event: Personnel Security Review (PS)
• Access Authorization/Process for Security Clearance
• Protection of PII
• Briefings (Initial, Security, Termination)
• Termination Process
• Interim Clearances
• Drug/Substance Abuse program (10 CFR)
• CPCI Listing
Location: TBD
Personnel: Survey Team Members; Federal Oversight; Contractor PS Specialist
Docs: Review forms in PSF

Date: Tuesday, March 28, 2017
Time: 1600-1630
Event: Out-brief
Location: TBD
Personnel: Survey Team Members; Federal Oversight; Contractor Management

Date: Wednesday, March 29, 2017
Time: 0800-1130
Event: Review Physical Protection
• Access Control (Badges)
• Lock and Key (Inventory)
• IDS (Systems testing)
• CAS (Systems and Communication)
• CAS (NTC Procedures)
• Barriers and Delay
• Testing/Maintenance
• Communications
• Random Inspections
• VTRs (Weapons Storage)
Location: TBD
Personnel: Survey Team Members; Representatives

Lunch

Date: Wednesday, March 29, 2017
Time: 1300-1600
Event: Review Protective Force
• Protective Force (SNL Duties)
  o MOU
  o Response/Procedures
• Facilities and Equipment
  o LFR/ISSTEC Inventory
  o Ammo Storage/Armory SOP
• Performance Test
Location: TBD
Personnel: Survey Team Members; Representatives
Docs: MOU

Date: Wednesday, March 29, 2017
Time: 1600-1630
Event: Out-brief
Location: TBD
Personnel: Survey Team Members; Federal Oversight; Contractor Management

Date: Thursday, March 30, 2017
Time: 0800-1130
Event: Review Information Security
• CMPC
  o Procedures
  o Training
  o Origination and Classification
  o Accountable
  o Control Systems and Accountability
  o Markings
  o Classification in Use
  o Storage
  o Reproduction
  o Transmission and Receipts
  o Destruction
Location: TBD
Personnel: Survey Team Members; Representatives
Docs: Classified Document Review; Review Training Records

Lunch

Date: Thursday, March 30, 2017
Time: 1300-1500
Event: Information Security
• Disclosure and Release
• TSCM
• Operations Security (OPSEC) Program
Location: TBD
Personnel: Survey Team Members; Representatives
Docs: Briefings/Training (OPSEC)

Date: Thursday, March 30, 2017
Time: 1500-1600
Event: Review Foreign Visits & Assignments
• Process/Procedures
• Export Control/Tech Transfer
• Security Requirements
• Approvals and Reporting
• FACTS Training
Location: TBD
Personnel: Survey Team Members; Representatives

Date: Thursday, March 30, 2017
Time: 1600-1630
Event: Final Out-brief
• Questions, Comments, Final Discussion
Location: TBD
Personnel: Survey Team Members; Federal Oversight; Contractor Management
Section 702 Corrective Action Plans and Validation of Closure
Security-related findings may be issued as a result of a security inspection, evaluation, survey, or
self-assessment conducted by the GAO, IG, EA, its predecessors, and the HQ Survey Team
within AU-42. Once a security finding is issued, a CAP must be developed to resolve the
finding, and the completed CAP must be validated to ensure that the actions have fully resolved
the finding. All security-related findings must be entered into SSIMS and tracked until they are
closed.
Because security-related findings are issued and tracked by several different organizations, many
of which do not use or have access to SSIMS, the process of tracking findings and CAPs and
validating their closure requires actions by several different HQ organizations.
HQ Implementation Procedures
FINDINGS:
Any finding issued as a result of a security inspection, evaluation, survey, or self-assessment
must be entered into SSIMS as follows:
• Findings issued by the HQ Survey Team, AU-42, as a result of security surveys and
self-assessments are entered into SSIMS by the HQ Survey Team.
• Findings issued by EA and its predecessors as a result of security inspections and evaluations are
entered into SSIMS by EA.
• Findings issued by the GAO or IG, as a result of their reviews, are entered into SSIMS by the
Office of Security Assistance (AU-52).
When findings are issued, they are assigned to the specific HQ element where the deficiency was
identified. The element is then responsible for preparing an initial CAP within 30 days of
issuance of the finding. The CAP must identify what specific actions will be taken to resolve the
finding, along with milestones for completing those actions.
CORRECTIVE ACTIONS
Once a security finding is issued, a CAP must be developed to resolve the finding. When the finding is
corrected, there must be validation that the completed CAP has fully resolved the finding (DOE O 470.4B
Chg.2 App. A, Sect. 2. 5.h & 9.c). The CAP will be developed by the HSO/FSO, or designee, and the
CAP cover sheet and milestone page will be provided to AU-42 (Attachment 702-2 and 702-3). The
milestone listing page will be provided to supplement the CAP to identify the implementation plan,
course of action, and projected completion dates of the targeted activities. Periodic updates to the CAPs
and milestones are required from the HSO/FSO to AU-42 for updates to SSIMS.
The Team will track submitted CAPs and provide them to the HSO/FSO. The HSO/FSO will
review corrective actions with a focus on resolving the root cause of the finding. The Team
developed a tool to assist the HSO/FSO with identifying the root cause of a finding. The tool
uses the fishbone chart as well as the causal analysis tree to help in identifying the root cause of
the finding. A Survey Team member will review the CAP paperwork submitted and either
approve or disapprove the corrective action and provide the justification for transmittal to the
surveyed organization(s).
The Team will request updates of the CAP and milestones from the HSO/FSO or designee. AU-
42 will document these CAP/milestone updates in SSIMS. If an organization fails to provide a
response, this will be documented in SSIMS.
Upon completion of corrective actions, the Team will review the CAPs for verification and
validation, again assuring that the root cause was identified and addressed (470.4B Chg.2 App. A,
Sect. 2. 5.j). The Team will then approve or reject the closure of the finding and provide
justification for that decision for transmittal to the surveyed organization(s). The Corrective
Action Validation Report will be used to document closure of all findings (Attachment 702-5).
The Team should complete their reviews on CAPs within 30 working days.
TRACKING AND TRENDING
The Survey Team will track and trend information on findings and observations assigned during the
survey for systemic issue analysis (DOE O 470.4B Chg.2 App. A, Sect. 2. 9.b). Additionally, the Survey
Team will track and trend information provided by external sources such as the quarterly review provided
by Enterprise Assessments, information from ancillary assessment activities identified below, and on
causal analysis data identified in response to the corrective actions submitted. The Team will review
previous information identified in this trending during the current year’s survey activities (DOE O 470.4B
Chg.2 App. A, Sect. 2. 9.c).
One or more Corrective Action Plan Milestones pages, which are attached to and submitted along with
the Cover Sheet.
CAPs for findings issued by the GAO or IG must be prepared in the formats specified by those
organizations.
1. CAPs for Findings Issued by the HQ Survey Team – The Cover Sheet and Milestones CAP pages for
findings issued by the HQ Survey Team are submitted to the HQ Survey Team, which enters the
information from the initial CAP into SSIMS. Each quarter thereafter, the HQ Survey Team sends an e-
mail to the HSO of each element that has an open finding, requesting the current status of the CAP. The
HSO is expected to respond with an e-mail providing information on what milestones or corrective
actions were completed. The HQ Survey Team uses this information to update the CAP in SSIMS.
When the HSO believes that the finding has been fully corrected, he/she must notify the HQ Survey Team
by e-mail and provide the documentation or justification for closing the finding.
2. CAPs for Findings Issued by EA – The Cover Sheet and Milestones CAP pages for findings issued by
EA are submitted to EA, which reviews the initial CAP to ensure that it adequately addresses the root
cause of the finding. Once the review of the initial CAP is complete and the HQ element has revised and
finalized it, EA enters the CAP into SSIMS.
When the HSO believes that the finding has been fully corrected, he/she must notify EA by e-mail and
provide the documentation or justification for closing the finding.
Validation of Closure:
The HQ Survey Team validates closure of all findings. Closure of findings issued by the GAO or IG is
validated by those organizations in accordance with their individual procedures.
Points of Contact
For the names and contact information for the positions identified in this chapter, call (301) 903-9990.
Forms/Samples/Graphics
Corrective Action Plan Cover Sheet (see Attachment 702-1)
Instructions for Completing Corrective Action Plan Cover Sheet (see Attachment 702-2)
Corrective Action Plan Milestones Sheet (see Attachment 702-3)
Instructions for Completing Corrective Action Plan Milestones Sheet (see Attachment 702-4)
Example of Root Cause Analysis Tools (see Attachment 702-5)
ATTACHMENT 702-1
PART I
CORRECTIVE ACTION ELEMENTS
Action Plan Cover Sheet
Finding Number: Facility Code:
Responsible Program Office:
Topical Area: Subtopical Area:
Reference(s) (i.e., Orders, Requirements, etc.):
Description of Deficiency:
Information above provided by Surveying organization
PART II
Root Cause Analysis Process Used:
Cause Code(s):
Corrective Action Description:
Estimated Completion Date:
Revised Completion Date:
Reason for Revised Completion Date:
Completion Date:
Responsible Manager:
Print Name Signature Date
ATTACHMENT 702-2
Instructions for Completing Corrective Action Plan Cover Sheet
The Surveying Organization will fill in Part I of the Corrective Action Plan Cover Sheet.
The organization assigned the finding will be responsible for completing Part II of the form.
PART II
Root Cause Analysis Process Used: Identify the technique used to identify the Cause Code. A
number of tools are acceptable, including but not limited to the five whys, fishbone, tree, and
failure modes effects analysis. The preferred DOE Headquarters tool is the fishbone chart,
together with the causal analysis tree, to help in identifying the root cause as outlined below.
Please attach the completed tool(s) showing how the root cause was identified.
Cause Code(s): Cause code identified by the Root Cause Analysis. Codes, descriptions, and
examples are available in DOE G 231.1-2, Occurrence Reporting Causal Analysis Guide. More than
one code is acceptable but not common, except if one of the codes is human error, which is
generally supported by a second code.
Corrective Action Description: High-level description of corrective action to include
compensatory measures required.
Estimated Completion Date: First expected completion date assuming all resources are
available and the corrective action activities are not disrupted.
Revised Completion Date: Updated completion date. The initial form submission will not have
information in this block; however, additional submissions may include adjustments required by a
delay in corrective action efforts.
Reason for Revised Completion Date: A brief narrative on why the date must be revised, not
for the purposes of approval by the surveying organization but for informational purposes.
Completion Date: Date the corrective action was completed, necessary so surveying
organization can review the effectiveness of the efforts implemented.
Responsible Manager: Information by HSO/FSO responsible for completing the corrective action
Print Name Signature Date
The preferred DOE Headquarters tools used to identify the root cause, contributing causes,
and cause code(s).
ATTACHMENT 702-3
CORRECTIVE ACTION PLAN MILESTONES SHEET
Finding Number: Date:
Milestone:
No.:
Milestone Description:
Deliverables/Completion Criteria:
Milestone Due Date: Date Milestone Completed:
Milestone Manager (print and sign):
Milestone:
No.:
Milestone Description:
Deliverables/Completion Criteria:
Milestone Due Date: Date Milestone Completed:
Milestone Manager (print and sign):
ATTACHMENT 702-4
Instructions for Completing Corrective Action Plan Milestones Sheet
| SECTION | INSTRUCTIONS |
| --- | --- |
| Finding Number | Enter the finding number. |
| Milestone Number | Enter milestone number (consecutive starting with 1). |
| Milestone Description | Write milestones with clear deliverables that solve the problem. Ensure that milestones address and correct the deficiency. Limit individual milestone instructions to brief, concise statements describing logical segments of the specified milestone. Include milestones for recurrence control. Write realistic and achievable milestones that can be verified. Do not overextend milestones beyond your control. Ensure that resources are available. Identify the milestone manager responsible for completion of each milestone and the respective program element. Identify only one milestone if only a single action is required to correct the deficiency. If completion of milestones is required by persons outside of the responsible manager’s authority, the responsible manager coordinates the milestone with the supporting program element. |
| Deliverables/Completion Criteria | Include completion criteria that are discrete, finite, and verifiable. |
| Milestone Due Date | Enter the due date for each milestone. |
| Date Milestone Completed | Enter the actual date each milestone was completed. |
| Milestone Manager | Milestone managers sign for concurrence of each assigned milestone. |
ATTACHMENT 702-5
CORRECTIVE ACTION VALIDATION REPORT
Finding Number:
Finding Short Description:
Validation Requested By:
Phone #:
Date:
Conducted By:
Phone #:
Date:
Conduct:
Results:
Adequate Documentation? Yes: No:
Milestones Completed? Yes: No:
Resolved Original Deficiency? Yes: No:
APPROVED Yes: No:
Evaluator(s) Print and Sign:
Date:
Reviewer Print and Sign:
Date:
UNCLASSIFIED UNTIL FILLED IN, THEN HANDLE APPROPRIATELY
ATTACHMENTS 702-6
Root Cause Scenario
Background: Carl has been a DOE employee for about 3 years, working in an office
administrative position. Although he has a Q clearance, he very rarely handled classified
documents in his position.
Another employee in his organization, the Classified Document Control Station (CDCS)
custodian, was retiring soon and had given two weeks’ notice. The position needed to be filled
immediately due to the high volume of access the CDCS goes through each day. Shortly after his
retirement, an annual inventory of all classified documents was scheduled to take place.
The Director tasked Carl’s supervisor to fill this position as soon as possible. Since Carl has a
clearance and is familiar with the organization, he was offered the new position as the CDCS
Custodian. Carl was somewhat familiar with how to handle classified matter, but had not gone
through CMPC training for CDCS training since there were no classes held at the time. Given his
3 years with DOE, the supervisor believed this would not be an issue and filling the position was
more important due to the upcoming inventory. The Director was not aware of the lack of training
Carl had.
Incident: Carl has now been in this new position for about 3 weeks, and has been assisting with
the inventory of the classified documents stored in the security containers in the CDCS. Carl was
leaving early on Wednesday for a long weekend and would be out until the Monday of the
following week. On his way out he told another employee, who was working on the inventory,
that the SF 700 Part 2s were being stored in his desk drawer, in case they needed to access a
security container.
Problem: SF 700 Part 2 was stored in an employee’s desk drawer instead of a security container.
How the Root Cause Analysis was determined for this finding:
A Safeguards and Security Periodic survey was conducted and a finding was assigned with a
Corrective Action Plan (CAP) response due within 30 days after survey date (example provided).
The team involved in determining the root cause of the finding consisted of the element's HSO,
AHSO, and management not directly involved with the finding. The team reviewed and
discussed the scenario above.
Interviews with the employees involved helped obtain additional information on the events
leading up to the issuance of a finding. The team collected all the information and used the Root
Cause Tool 1 (see example) to determine the possible topics under which the root cause may fall
(e.g., A4 Management), which can be determined through group discussion. The Causal Analysis
Table was used to assist with breaking down the root cause by topic. There were sections that
did not apply to this situation, so the team placed a Not Applicable (N/A) in those sections. The
team continued to work their way through all the levels of the table (A1-A7, and down through
the “B’s” and “C’s” of each of those sections). Once the team had exhausted all possibilities,
Root Cause Tool 1 was complete. In filling in Tool 1, the group noticed that there is the
potential to have more than one root cause for each section (see ‘A4’ in example). If this
happens then capture all suspected causes that apply.
After completing Root Cause Tool 1, the team analyzed the information to select the top or most
critical issues. Once those were established, we transferred the selections over to the Root Cause
Tool 2 table under ‘Suspected Cause’. The team then rated the Suspected Causes for ‘Areas of
Impact’ on a scale of 1-5. Once completed, we totaled up the ratings assigned to determine the
overall score that had the greatest impact, giving us our root cause.
This information is then transferred to the Corrective Action Plan Worksheet. If there are two
or more areas of impact that have the same scoring number then the Subject Matter Expert and
the team should discuss which area of impact outweighs the other. For example, if it is a matter
of mission vs. resources, the team may decide to use the Mission area of impact number versus
the resource number for this CAP. If the same finding occurs in the following year, then the
organization may decide to use the resource areas of impact as the root cause for the finding. For
this reason, all records that were used to determine root cause should be retained to document the
analysis that was conducted for each root cause.
ATTACHMENTS 702-7
ATTACHMENTS 702-8
Root Cause Tool 1 Example
ATTACHMENTS 702-9
ROOT CAUSE TOOL 2
Areas of Impact: Mission, Resource, Quality, Safety/Envir.

| Suspected Cause | Mission | Resource | Quality | Safety/Envir. | Total |
| --- | --- | --- | --- | --- | --- |
Steps:
1. Input ‘Suspected Cause’ from Root Cause Tool 1
2. Rate the impact (1-5) of each cause for each ‘Area of Impact’ (use ‘N/A’, if not applicable)
3. Total the ratings for an overall score to determine cause with greatest impact
Definitions
Mission – the overall program or organization mission agenda
Resources – budget and personnel are typically referenced as resources; however, other items
may also apply (e.g. hardware/equipment)
Quality – to the level of work.
Safety/Environment – Affecting ability to work in ideal conditions, or impact to public safety
ATTACHMENTS 702-10
ROOT CAUSE TOOL 2
Areas of Impact: Mission, Resource, Quality, Safety/Envir.

| Suspected Cause | Mission | Resource | Quality | Safety/Envir. | Total |
| --- | --- | --- | --- | --- | --- |
| Sufficient training was not available. (B1,C02) | 5 | N/A | N/A | N/A | 5 |
| Supervisor did not communicate with the Director the lack of training the employee had with CDCS responsibilities. (B4,C06) | 5 | 2 | 4 | N/A | 11 |
| Lack of manpower rushed the hiring process; hiring underqualified employee. (B2,C03) | 4 | 3 | 5 | N/A | 12 |
| Employee ignored the policy of securing the SF-700 just for convenience (employee Negligence). (B2,C02) | 5 | N/A | 4 | 1 | 10 |

Steps:
1. Input ‘Suspected Cause’ from Root Cause Tool 1
2. Rate the impact (1-5) of each cause for each ‘Area of Impact’ (use ‘N/A’, if not applicable)
3. Total the ratings for an overall score to determine cause with greatest impact
Definitions
Mission – the overall program or organization mission agenda
Resources – budget and personnel are typically referenced as resources; however, other items
may also apply (e.g. hardware/equipment)
Quality – to the level of work
Safety/Environment – Affecting ability to work in ideal conditions or impact to public safety
Section 703 Ancillary Assessment Activities
Ancillary assessment activities are review activities used to assess the status of a specific part of
a security program in a less formal method than the survey methods outlined above.
WALKING THE SPACES
As part of their oversight responsibilities, Federal leadership complete review activities of elements for
which they are responsible. The Federal oversight may use the Walking the Spaces form (Attachment
703-1) as appropriate to capture these review activities and identify noteworthy practices or observations.
This form is flexible and may be used to review security, safety, or operational topics. The Team will
maintain data provided by these reviews in the Ancillary Assessment Database.
LINE ITEM REVIEWS
As part of the survey and oversight activities, the Line Item Review ensures all topics, sub-
topics, and security elements are assessed at some level. The Team develops a single question
based on DOE Orders or security plans called a Line Item Review (Attachment 703-2). When
available, responses submitted to the Team should include documented proof of completion.
The Team will assign Line Item Review questions based on the topic for which the person is
responsible or identified as a SME. The Team will maintain data provided by these reviews in
the Ancillary Assessment Database.
ATTACHMENT 703-1
WALKING THE SPACES
NAME:
ORG.:
DATE ACTIVITY OBSERVED:
ACTIVITY OBSERVED:
DESCRIPTION:
NOTEWORTHY PRACTICE OR OBSERVATION:
ORDER / PROCEDURE REFERENCE:
RECOMMEND CORRECTIVE ACTION: ☐ YES ☐ NO
SIGNATURE:
DATE:
UNCLASSIFIED UNTIL FILLED IN, THEN HANDLE APPROPRIATELY
ATTACHMENT 703-2
LINE ITEM REVIEW
LINE ITEM REVIEW ASSIGNED TO:
NAME:
ORG.:
DATE REQUIRED:
ORDER / PROCEDURE REFERENCE:
ORDER / PROCEDURE REQUIREMENT:
ACTIVITY REVIEWED / OBSERVED:
NOTEWORTHY PRACTICE OR OBSERVATION:
RECOMMEND CORRECTIVE ACTION: ☐ YES ☐ NO
SIGNATURE:
DATE:
Please attach applicable documentation of activities reviewed or observed
UNCLASSIFIED UNTIL FILLED IN, THEN HANDLE APPROPRIATELY
Section 704 Survey Scheduling
Safeguards and Security topics and sub-topics (see Attachment 701-1) for which Surveys are
conducted will be subject to a risk ranking analysis based on criteria that might impact the
element. Refer to Attachment 704-1 for the current spreadsheet highlighting the criteria and their
scoring techniques. This risk rank approach allows better allocation of resources and allows
survey teams to implement a process improvement review on priority topics. Prior to adopting
this analysis process, survey personnel were attempting to ensure every year that every
requirement within the Orders was being addressed appropriately. This resulted in adopting a
more compliance-based view and did not employ the talents of the survey team members to use
their expertise to improve security. By employing this risk-based process, topics and sub-topics
that are stable or have minimal changes can be assessed by other means such as walking the
spaces or line item reviews. The survey team can continue to assess some topics for compliance
and others can be assessed for effectiveness. This will ensure safeguards and security
requirements remain present at DOE HQ and that efficiencies can be identified to improve the
process, reduce costs, and be more effective in their security efforts.
ATTACHMENT 704-1
RISK BASED ASSESSMENT SCHEDULING PROCESS FY 2020
Rating element columns, followed by the *Final Score column:
1. Program is Document Focused or Work Focused
2. Element is established and not changing
3. New Leadership
4. New Order
5. Findings/Issues Identified previous year
6. LIR or other ancillary assessment conducted
7. Essential Element of S&S Protection
8. Impact to safety, security, or resources if fails
9. EA reported field findings and issues
10. IOSC
Program Management and Support
S&S Program Planning 0
Security Plans 0
Security Conditions 0
Performance Assurance 0
Survey, Review, and Self-Assessment Programs 0
Facility Clearances and Registration of S&S Activities 0
Foreign Ownership, Control, or Influence Programs 0
S&S Awareness 0
Control of Classified Visits 0
S&S Training Program 0
Incidents of Security Concern 0
Protective Force
Management 0
Training 0
Administration 0
Security Officers 0
Security Police Officers Fixed Posts 0
Security Police Officers I 0
Firearms Training 0
Firearms Operations 0
Firearms Qualification 0
Operational Assurance 0
Guidelines for Legal Authority/Fresh Pursuit and ROE 0
Performance Testing 0
Canine Program 0
Demonstrator and Protestor Plan 0
Workplace Violence and Active Shooter Plan 0
Personnel Security
General Requirements 0
Reciprocity 0
Personnel Security Quality Training 0
Personnel Security Files 0
Adjudicative Considerations Related to Statutory Requirements and Departmental Requirements 0
Physical Protection
Protection Planning 0
Security Areas 0
Posting Notices 0
Locks and Keys 0
Maintenance 0
Barriers 0
Communications, Electrical Power, and Lighting 0
Secure Storage 0
Intrusion Detection and Assessment Systems 0
Entry/Exit Screening 0
DOE Security Badge, Credential, and Shield Program 0
Rating Elements (Scale 1 - 5)
Topic Sub-Topic
RISK BASED ASSESSMENT SCHEDULING PROCESS FY 2020 (Cont.)
Columns: rating elements 1 through 10 as on the first page of this attachment, then *Final Score.
Information Security
General Requirements 0
Handling and Protection 0
Foreign Government Information 0
Release or Disclosure of U.S. Classified Information to Foreign Governments 0
Disclosure and Release in Emergency Situations 0
Operations Security 0
Unclassified Foreign Visitors and Assignments Program
Documentation 0
Lawful Immigration Status, Citizenship, and Identity 0
Security Plans 0
Indices Checks 0
Access Approval 0
Graded Approach 0
*Score less than 23: ancillary assessment activities will monitor. Score 24 - 32: minimal survey effort will be conducted (ex. document review, interview process owner). Score greater than 32: complete
survey effort will be conducted (includes document review, multiple interviews, observation of work activities, and performance testing where applicable).
Topic Sub-Topic
Rating Elements (Scale 1 - 5)
RISK BASED ASSESSMENT SCHEDULING PROCESS FY 2020
RATING SCALE 1. Program is Document Focused or Work Focused
1 Program is primarily used to develop a document (example, DBT)
2 Program is focused more on documentation but has elements of physical work activities (example, SECON)
3 Program is a blend of document and physical work (example, Survey Program)
4 Program is focused more on physical work activities with some elements of documentation review (example, PAP)
5 Program is primarily a physical work program (example, Firearms Qualification)
2. Element is established and not changing
1 The program or element is greater than 10 years old (example, the PPA boundary identified at the fence line for
Germantown)
2 The program or element is 5 - 10 years old (example,
3 The program or element is 3 - 5 years old (example,
4 The program element is 1 - 3 years old (example, Performance Assurance Program)
5 The program element is less than a year old (example, DBT implementation)
3. New Leadership (Leadership, senior person immediately responsible for the program)
1 Leadership established greater than 5 years
2 Leadership established between 3 and 5 years
3 Leadership established between 1 and 3 years
4 Leadership established for less than one year
5 Leadership established for less than six months
4. New Order (Order can also be procedure or process depending on the impact of the document)
1 Document established greater than 5 years
2 Document established between 3 and 5 years
3 Document established between 1 and 3 years
4 Document established for less than one year
5 Document established for less than six months
5. Findings/Issues Identified previous year (Findings or Issues must require CAPS, these are not recommendations or opportunities for
improvement)
1 Minor document updates
2 Issues require resource attention but not a complete change of the program
3 Program is functioning but not meeting the intent of the order
4 Program is established on paper but not functioning
5 Lack of an entire program
6. LIR or other ancillary assessment conducted
1 Other assessment activity fully reviews the program
2 Requirements for the program are few, other assessment activities can address the major issues of the program
3 Other assessment activities are effective but a formal survey may provide serious benefit
4 Minor review through program, one or two LIRs conducted with no issues noted
5 Program is broad and impacts many organizations; even though other assessment activities were conducted, even a formal
survey might not address all elements of the program
7. Essential Element of S&S Protection
5 Identified as an Essential Element in the DBT/SRA process
8. Impact to safety, security or resources if fails
1 No impact, minor inconvenience
2 First Aid rendered by employee, loss of OUO information, budget impact to AU-42
3 Medical attention needed, loss of Confidential information, budget impact to AU-40
4 Serious injury, loss of Secret information, budget impact to AU
5 Major injury or death, loss of Top Secret information, major budget impact to AU
9. EA reported field findings/issues
1 No issue reported
2 Adverse single occurrence
3 Adverse emerging trend but minor impact
4 Adverse emerging trend major impact
5 Previously reported adverse continuing trend
10. IOSC
1 No IOSC reported for the year
2 1 CAT B IOSC
3 A few CAT B IOSC
4 Many CAT B IOSC
5 CAT A IOSC